You may have read my previous blog post on applying OS updates to your Azure Kubernetes Cluster (AKS) without doing a cluster upgrade https://pixelrobots.co.uk/2019/05/apply-os-updates-to-aks-nodes-without-an-upgrade/. This method used kured (KUbernetes REboot Daemon) by weaveworks https://github.com/weaveworks/kured. This method installed some Kubernetes resources onto your cluster. This new method, which is still in preview at the time this article was written does not install anything on to your cluster. The AKS OS images get updated once a week
Below I will go through the steps you need to follow to implement this new and improved method. Just remember, as this is in preview do not implement this on your production cluster just yet.
Register the preview feature
To start with as this is in preview you will need to register the preview feature. To do this you will use the az feature register command.
| 1 | az feature register --namespace "Microsoft.ContainerService" --name "NodeImageUpgradePreview" | 

After several minutes, the registration will complete. To check that it has finished you can use the az feature list command.
| 1 | az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/NodeImageUpgradePreview')].{Name:name,State:properties.state}" | 

You will also need to install the most up to date aks-preview cli extenstion. For this you will need to use the az extension add or az extension update commands.
| 1 2 3 4 5 | # Install the aks-preview extension az extension add --name aks-preview # Update the extension to make sure you have the latest version installed az extension update --name aks-preview | 

As I have the latest updates, I get the message above. If you get no message, then it would have updated.
Time to Upgrade all nodes in all node pools
For this you will be using the az aks upgrade command with the –node-image-only command.
| 1 | az aks upgrade --resource-group pixel-aks-weu --name pixel-aks-weu --node-image-only | 

To check on the progress of your upgrade you can use the following kubectl command.
| 1 | kubectl get nodes | 

As you can see one node has been up for 5 minutes and 46 seconds. That one has been updated. It’s now moving to the next ones. This can take some time. After a while you can use the following command to check the state of the cluster.
To check that the upgrade has finished you can use the az aks show command.
| 1 | az aks show -g pixel-aks-weu -n pixel-aks-weu --query '[provisioningState]' -o table | 

If it does not say succeeded, then it is still doing the upgrade.
And that’s it, you have upgraded the whole cluster to the latest OS image but wait there are more options!
Upgrade a specific node pool
For this I am going to use another cluster as the one I used above is all updated.
So, to upgrade just one node pool you use the az aks nodepool upgrade command.
| 1 | az aks nodepool upgrade --resource-group robots-aks-weu --cluster-name robots-aks-weu --name  pool1 --node-image-only | 

I found in my tests that a nodepool upgrade sits showing running till it has finished. You could add –no-wait to this command, so you do not have to wait.
To check that the node pool has finished upgrading you can use the az aks nodepool show command.
| 1 | az aks nodepool show --resource-group robots-aks-weu --cluster-name robots-aks-weu --name pool1 --query '[provisioningState]' -o table | 

All in All
I really like this new feature and would like to see a way to schedule it. Perhaps, an Azure logic app could do this by spinning up container in Azure Container Instances (ACI). You could also do this via a DevOps pipeline. I would ideally like to see a nice effortless way in the portal or via CLI.
If you have any thoughts let me know.
Thanks for reading, and if you have any comments or questions please reach out.
 
													 
													 
													
4 Comments
Claudio Altamirano · June 30, 2020 at 5:19 pm
Muy buen aporte en tus artículos, felicitaciones.
Sabes que ando en busca de información para poder hacer un Sizing de las IPs con las que se crea un AKS.
Tienes información de eso, se te ocurre algo.
Ejemplo. /24 or /22…como se calcula..como se hace el Sizing del rango de IPs…?
Atte
Claudio
Santiago – Chile
Srihari Thota · March 31, 2021 at 5:23 pm
could you please provide the script / process for
AKS cluster stop at 11 pm and start at 9 am automatically, we scheduling the cluster for cost saving.
thanks in advance
Microsoft Azure Insights: Node images; Emergency access accounts; Azure Arc ERP for Hong Kong SME · June 27, 2020 at 9:08 pm
[…] on Pixel Robots, Richard Hooper expanded on a recent theme of OS updates to an Azure Kubernetes Service cluster, […]
Automatic Azure Kubernetes Service (AKS) node Image updates - Pixel Robots. · May 24, 2021 at 11:49 am
[…] which they update roughly once a week. You can read my post about it when it was in preview at https://pixelrobots.co.uk/2020/06/azure-kubernetes-service-aks-node-image-upgrade-preview/. Since then, Microsoft have made more improvements and now you can finally automate the node image […]